U.S. Patent Application Serial No. 10/692,530 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the 
application. Please amend the claims as follows: 

Listing of Claims: 

1 . (Currently Amended) In an initiating system, a computer-implemented method for 
establishing a new group identity, the method comprising: 

creating group id e ntity information; 

receiving a selection s e l e cting a first subset of [[the]] group identity information 
for a first group to include in a first group identity information document for disclosure to 
a first receiving system; 

selecting a s e cond subset of the group id e ntity information to include in a s e cond 
group id e ntity informati on document for disclosure to a second receiving syst e m, wh e rein 
th e second subset is diff e rent from tho first subset, and wh e r e in th e s e cond rec e iving 
system is different from the first r e ceiving system; 

generating a first group-signed group identity information document comprising 
the first subset of th e group identity information for the first group , an embedded use 
policy that expresses a privacy policy providing instructions as to how the first subset of 
the group identity information for the first group may be used, wherein the embedded use 
policy is stored with the first subs e t of th e group identity information for the first group , 
at least a first key, and a first group identity information document signature signed by 
[[a]] an group owner of the first group using a second key associated with the first key, 
wherein the second key is a private key of the first g roup and is owned by the first g roup 
owner; 

sending the first group-signed group identity information document to the first 
receiving system to establish the first group as a new group identity at the first receiving 
system; 
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receiving a selection of personal identity information to include in a personal 
certificate for an originator; 

generating a self-signed personal certificate using the selection of personal 
identity information, wherein the self-signed personal certificate establishes the 
originator's personal identity, and wherein the self-signed personal certificate is signed 
by the originator; 

attaching the self-signed personal certificate to a first message for sending to the 
first receiving system; 

determining whether to attach, to the first message, a first group-signed 
membership certificate with the self-signed personal certificate, wherein the first group- 
signed membership certificate is group-signed by the first group owner, and wherein the 
first group-signed membership certificate establishes the originator's membership 
identity in the first group; 

when the first group-signed membership certificate is to be attached to the first 
message: 

attaching the first group-signed membership certificate with the self- 
signed personal certificate to the first message for sending to the first receiving 
system; 

determining whether to attach, to the first message, an additional 
membership certificate with the first group-signed membership certificate and the 
self-signed personal certificate; and 

when no additional membership certificate is to be attached, sending the 
first message with the attached self-signed personal certificate and the attached 
first group-signed membership certificate to the first receiving system . 

2. (Cancelled) 

3. (Cancelled) 
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4. (Cancelled) 

5. (Cancelled) 

6. (Cancelled) 

7. (Cancelled) 

8. (Currently Amended) The method of claim [[6]] \ further comprising: 

receivin g, at the first receiving system, the first g roup-signed membership 
certificate identity information docum e nt and the self-signed personal certificate i dentity 
information docum e nt from the originator; 

detecting whether the new group associated with the first group-signed 
membership certificate identity information document is has been previously accepted 
and whether the originator person associated with the self-signed p ersonal certificate 
identity information document is has been previously accepted; 

assigning a_first security protocol based on a security protocol for the first group 
protocols to communications from the originator [[if]] when the new group [[is]] has 
been previously accepted; and 

assigning a_second security protocol based on the personal identity of the 
originator p rotocols to communications from the originator [[if]] when the personal 
certificate has been previously p e rson is accepted. 

9. (Currently Amended) In a communication system, an apparatus for establishing a new 
group identity of a first group at a first receiving system, comprising: 

an initiating system, comprising a processing unit and computer storage media, 
the computer storage media encoding modules for execution by the processing unit, 
including: 

a group ID generate module generating a first group-signed group certificate 
comprising at least a public key, a digital signature for the first g roup, and an embedded 
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use policy that expresses a privacy policy providing instructions as to how a first subset 
of group identity information for the first group may be used at [[a]] the first receiving 
system, wherein the embedded use policy is stored with the first subset of group identity 
information for the first group, and wherein the first subset of group identity information 
is selected from group identity information for disclosure to the first receiving system-and 
a second subset of group id e ntity information is sel e cted from th e group id e ntity 
information for disclosur e to a second receiving syst e m, the first subset being differ e nt 
from th e second subs e t ; [[and]] 

a send module transmitting the group certificate to the first receiving system to 
establish the new group identity of the first group at the first receiving system; 

a receive module for receiving a selection of personal identity information to 
include in a personal certificate for an originator; 

a personal ID generate module for generating a self-signed personal certificate 
using the selection of personal identity information, wherein the self-signed personal 
certificate establishes the originator's personal identity, and wherein the self-signed 
personal certificate is signed by the originator; 

an attach module for attaching the self-signed personal certificate to a first 
message for sending to the first receiving system; 

a determination module for determining whether to attach, to the first message, a 
first group-signed membership certificate with the self-signed personal certificate, 
wherein the first membership certificate is group-signed by the first group owner, and 
wherein the first group-signed membership certificate establishes the originator's 
membership identity in the first group; 

when the first group-signed membership certificate is to be attached to the first 
message: 
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the attach module attaching the first group-signed membership certificate 
with the self-signed personal certificate to the first message for sendin g to the first 
receiving system; 

the determination module determining whether to attach, to the first 
message, an additional membership certificate with the first group-signed 
membership certificate and the self-signed personal certificate; and 

when no additional membership certificate is to b e attached, the send 
module sending the first message with the self-signed per sonal certificate and the 
first group-signed membership certificate to the first receiving system . 

10. (Cancelled) 

1 1 . (Currently Amended) The apparatus of claim [[10]] 9 further comprising: 

a membership ID generate module for g enerating the first group-signed [[a]] 
membership certificate having at least a public key of tho Bond e r and a digital signature 
for the new group; 

a save module, responsive to the membership ID generate module, storing the first 
group-signed membership certificate; 

a retrieve module retrieving the first group-signed membership certificate from 
the save module and providing the first group-signed membership certificate to the attach 
module. 

12. (Currently Amended) The apparatus of claim [[1 0]] 9 further comprising: 

[[a]] the first receiving system[[,]] comprising a processing unit and computer 
storage media, the computer storage media encoding modules for execution by the 
processing unit, including: 

a receive module at the first receiving system receiving the first group-signed 
membership certificate; and 
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an accept module at the first receiving system detecting whether to accept the first 
group-signed membership certificate. 

13. (Currently Amended) The apparatus of claim 12 further comprising: 

an assign module , at the first receiving system, assigning a security identification 
to communications from the sender originator based on the new group associated with the 
first group-signed membership certificate [[if]] when the first group-signed membership 
certificate is accepted by the accept module. 

14. (Cancelled) 

15. (Currently Amended) The apparatus of claim [[12]] 9 further comprising: 

a p e rsonal ID generate modulo generating a personal c e rtificate having at least a 
public k e y of the s e nder and a digital signature by th e sender; 

a receive module at the first receiving system receiving the certificates; 

an accept module at the first receiving system detecting if the certificates are to be 
accepted; 

an assign module , at the first receiving system, assigning a first security protocol 
to communications from the originator sender- based on [[a]] the_group identity of the first 
group associated with the first group-signed m embership certificate [[if]] when the first 
group-signed membership certificate is accepted by the accept module; 

the send modulo transmitting the personal certificate to establish the s e nder's 
identity at tho first r e ceiving system; and 

the assign module , at the first receiving system, assigning a second security 
protocol to communications from the originator s ender based on thepersonal identity 
associated with the self-signed p ersonal certificate [[if]] when the self-signed p ersonal 
certificate is accepted by the accept module at the first receiving system . 
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16. (Currently Amended) A computer storage medium readable by a computing system and 
encoding a computer program of instructions for executing a computer process for 
establishing a new group identity in communications between an initiating system and a 
first receiving system, said computer process comprising: 

generating^ at the initiating system^ a first group-signed group certificate 
comprising at least an embedded group use policy that expresses a privacy policy 
providing instructions as to how a first subset_of group identity information for a first 
group may be used at the first receiving system, wherein the embedded use policy is 
stored with the first subset of group identity information for the first group , a group 
public key and a digital signature for the group signed , bv a group owner of the first 
group, with a group private key associated with the group public key, and wherein the 
first subset of group identity information for the first group is selected from group 
identity information for disclosure to the first receiving system and a second subs e t of 
group identity information is aoloctod from tho group identity information for disclosure 
to a s e cond receiving system, the first subset being differ e nt from th e second subset ; 

sending the first group-signed g roup certificate to the first receiving system to 
establish the first group as a new group identity at the first receiving system; 

receiving a selection of personal identity information to include in a personal 
certificate for an originator; 

generating a self-signed personal certificate using the selection of personal 
identity information, wherein the self-signed personal certificate establishes the 
originator's personal identity, and wherein the self-signed personal certificate has at least 
a public key of the originator, an embedded personal use policy that ex presses a personal 
privacy policy providing instructions as to how personal identity information may be 
used, wherein the embedded personal use policy is stored with t he personal identity 
information, and a digital signature using the private key of the originator; 

attaching the self-signed personal certificate to a first message for sending to the 
first receiving system; 
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determining whether to attach, to the first message, a first group-signed 
membership certificate with the self-signed personal certificate, wherein the first group- 
signed membership certificate is group-signed by the first group owner, and w herein the 
first group-signed membership certificate establishes the originator's membership 
identity in the first group; 

when the first group-signed membership certificate is to be attached to the first 
message: 

attaching the first group-signed membership certificate with the self- 
signed personal certificate to the first message for sending to the first receiving 
system; 

determining whether to attach, to the first message, an additional 
membership certificate with the first group-signed membership certificate and the 
self-signed personal certificate; and 

when no additional membership certificate is to be attach ed, sending the 
first message with the self-signed personal certificate an d the first group-signed 
membership certificate to the first receiving system 

sending a membership cortificato to the first receiving system to establish an 
originator as a m e mber of th e n o w group at th e first receiving system; 

generating a p e rsonal certificate having at l e ast a public key of the originator, a 
p e rsonal use policy that expresses a personal privacy policy providing instructions as to 
how personal identity information may be used, wher e in the emb e dded personal us e 
policy is stored with the personal identity information, and a digital signature for the 
originator signed by the originator with a private k e y associated with the public key of 
the originator; and 

sending the personal cortificato to establish the personal identity of the originator 
at the first receiving system . 



17. (Cancelled) 
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1 8 . (Currently Amended) The computer r e adable storage medium of claim 1 6 wherein the 
process further comprises: 

creating the first group-signed membership certificate at the initiating systems-fee 
membership certificate having at least a public key of the originator and a digital 
signature sign e d using th e group private k e y . 

1 9. (Currently Amended) The computer readabl e storage medium of claim 1 6 wherein the 
process further comprises: 

receiving the first group-signed membership certificate at the first receiving 
system; and 

testing acceptance of the group identity of the first group received in the first 
group-signed membership certificate. 

20. (Currently Amended) The computer r e adabl e storage m edium of claim 1 9 wherein the 
process further comprises: 

assigning a first security protocol to communications from the originator based on 
the new group identity of the first group [[if]] when the first group-signed membership 
certificate is accepted by the act of testing. 

21. (Cancelled) 

22. (Currently Amended) The computer readable storage medium of claim 1 6 wherein the 
process further comprises: 

accepting the identity information in the certificates received at the first receiving 
system [[if]] when the certificates have been previously accepted; 

assigning a first security identification to reflect a security protocol for [[to]] 
communications from the originato r, wherein the first security protocol is applied to 
communications for the first group bas e d on the first subset of group identity information 
if the membership certificate is accept e d ; and 
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assigning a second security identification to reflect a sec ond security protocol for 
communications from the originato r, wherein the second security protocol is applied to 
communications from the originator based on the personal identity of th e originator-based 
on th e personal identity information of the originator if the personal certificate is 
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